CVE List - 2022 / October
Showing 801 - 900 of 1849 CVEs for October 2022 (Page 9 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-41536 | 2022-10-14 | Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/manage_user.php. |
| CVE-2022-41538 | 2022-10-14 | Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-41539 | 2022-10-14 | Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-41576 | 2022-10-14 | The rphone module has a script that can be maliciously modified. Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices. |
| CVE-2022-41577 | 2022-10-14 | The kernel server has a vulnerability of not verifying the length of the data transferred in the user space. Successful exploitation of this vulnerability may cause out-of-bounds read in the kernel,... |
| CVE-2022-41578 | 2022-10-14 | The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information. |
| CVE-2022-41580 | 2022-10-14 | The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. |
| CVE-2022-41581 | 2022-10-14 | The HW_KEYMASTER module has a vulnerability of not verifying the data read. Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access. |
| CVE-2022-41582 | 2022-10-14 | The security module has configuration defects. Successful exploitation of this vulnerability may affect system availability. |
| CVE-2022-41583 | 2022-10-14 | The storage maintenance and debugging module has an array out-of-bounds read vulnerability. Successful exploitation of this vulnerability will cause incorrect statistics of this module. |
| CVE-2022-41584 | 2022-10-14 | The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. |
| CVE-2022-41585 | 2022-10-14 | The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting. |
| CVE-2022-41586 | 2022-10-14 | The communication framework module has a vulnerability of not truncating data properly. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-41587 | 2022-10-14 | Uncaptured exceptions in the home screen module. Successful exploitation of this vulnerability may affect stability. |
| CVE-2022-41588 | 2022-10-14 | The home screen module has a vulnerability in service logic processing. Successful exploitation of this vulnerability may affect data integrity. |
| CVE-2022-41589 | 2022-10-14 | The DFX unwind stack module of the ArkCompiler has a vulnerability in interface calling. Successful exploitation of this vulnerability affects system services and device availability. |
| CVE-2022-41592 | 2022-10-14 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. |
| CVE-2022-41593 | 2022-10-14 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. |
| CVE-2022-41594 | 2022-10-14 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. |
| CVE-2022-41595 | 2022-10-14 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. |
| CVE-2022-41597 | 2022-10-14 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. |
| CVE-2022-41598 | 2022-10-14 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. |
| CVE-2022-41600 | 2022-10-14 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. |
| CVE-2022-41601 | 2022-10-14 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. |
| CVE-2022-41602 | 2022-10-14 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. |
| CVE-2022-41603 | 2022-10-14 | The phones have the heap overflow, out-of-bounds read, and null pointer vulnerabilities in the fingerprint trusted application (TA). Successful exploitation of this vulnerability may affect the fingerprint service. |
| CVE-2022-41715 | 2022-10-14 | Memory exhaustion when compiling regular expressions in regexp/syntax |
| CVE-2022-42064 | 2022-10-14 | Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. |
| CVE-2022-42066 | 2022-10-14 | Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. |
| CVE-2022-42067 | 2022-10-14 | Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability |
| CVE-2022-42069 | 2022-10-14 | Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. |
| CVE-2022-42070 | 2022-10-14 | Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2022-42071 | 2022-10-14 | Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. |
| CVE-2022-42234 | 2022-10-14 | There is a file inclusion vulnerability in the template management module in UCMS 1.6 |
| CVE-2022-36802 | 2022-10-14 | The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be... |
| CVE-2022-36803 | 2022-10-14 | The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role... |
| CVE-2022-32177 | 2022-10-14 | Gin-vue-admin - Unrestricted File Upload |
| CVE-2022-42488 | 2022-10-14 | Startup subsystem missed permission validation in param service. A malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. |
| CVE-2022-41686 | 2022-10-14 | Out-of-bound memory read and write in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading to sensitive information disclosure. The proc ... |
| CVE-2022-42463 | 2022-10-14 | Softbus_server in communication subsystem has an authentication bypass vulnerability in a callback handler function. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary co ... |
| CVE-2022-42464 | 2022-10-14 | Kernel memory pool override in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could disclose sensitive information including kernel pointer, which could be used in furth ... |
| CVE-2022-28762 | 2022-10-14 | Debugging port misconfiguration in Zoom Apps in the Zoom Client for Meetings for macOS |
| CVE-2022-28760 | 2022-10-14 | Zoom On-Premise Deployments: Improper Access Control |
| CVE-2022-28759 | 2022-10-14 | Zoom On-Premise Deployments: Improper Access Control |
| CVE-2022-28761 | 2022-10-14 | Zoom On-Premise Deployments: Improper Access Control |
| CVE-2022-41623 | 2022-10-14 | WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability |
| CVE-2022-38418 | 2022-10-14 | Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability |
| CVE-2022-35710 | 2022-10-14 | Adobe ColdFusion ODBC Server Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-35712 | 2022-10-14 | Adobe ColdFusion ODBC Agent Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-35690 | 2022-10-14 | Adobe ColdFusion ODBC Agent Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-38420 | 2022-10-14 | Adobe ColdFusion Use of Hard-coded Credentials Application denial-of-service |
| CVE-2022-35711 | 2022-10-14 | Adobe ColdFusion ODBC Server Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2022-38419 | 2022-10-14 | Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read |
| CVE-2022-38421 | 2022-10-14 | Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability |
| CVE-2022-38422 | 2022-10-14 | Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability |
| CVE-2022-38423 | 2022-10-14 | Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability |
| CVE-2022-42340 | 2022-10-14 | Adobe ColdFusion Improper Input Validation Arbitrary file system read |
| CVE-2022-38424 | 2022-10-14 | Adobe ColdFusion Application Server Directory Traversal Arbitrary file system write |
| CVE-2022-42341 | 2022-10-14 | Adobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file system read |
| CVE-2022-38450 | 2022-10-14 | Adobe Acrobat Reader DC XFA Parsing Stack Overflow Remote Code Execution Vulnerability |
| CVE-2022-42342 | 2022-10-14 | Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-42339 | 2022-10-14 | Adobe Acrobat Reader DC XFA Parsing Stack Overflow Remote Code Execution |
| CVE-2022-35691 | 2022-10-14 | Adobe Acrobat Reader NULL Pointer Dereference Application denial-of-service |
| CVE-2022-38449 | 2022-10-14 | Adobe Acrobat Reader DC JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-38437 | 2022-10-14 | Adobe Acrobat Reader Use After Free Memory leak |
| CVE-2022-35698 | 2022-10-14 | Adobe Commerce Stored XSS Arbitrary code execution |
| CVE-2022-35689 | 2022-10-14 | Adobe Commerce Improper Access Control Security feature bypass |
| CVE-2022-38440 | 2022-10-14 | Adobe Dimension SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38441 | 2022-10-14 | Adobe Dimension GLB File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2022-38447 | 2022-10-14 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38445 | 2022-10-14 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38442 | 2022-10-14 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38443 | 2022-10-14 | Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2022-38446 | 2022-10-14 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38444 | 2022-10-14 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2022-38448 | 2022-10-14 | Adobe Dimension SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2017-20149 | 2022-10-15 | The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a... |
| CVE-2022-3518 | 2022-10-15 | SourceCodester Sanitization Management System User Creation cross site scripting |
| CVE-2022-3519 | 2022-10-15 | SourceCodester Sanitization Management System Quote Requests Tab cross site scripting |
| CVE-2022-42961 | 2022-10-15 | An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such... |
| CVE-2022-3521 | 2022-10-16 | Linux Kernel kcm kcmsock.c kcm_tx_work race condition |
| CVE-2022-3523 | 2022-10-16 | Linux Kernel Driver memory.c use after free |
| CVE-2022-3524 | 2022-10-16 | Linux Kernel IPv6 ipv6_renew_options memory leak |
| CVE-2022-3526 | 2022-10-16 | Linux Kernel skb macvlan.c macvlan_handle_frame memory leak |
| CVE-2022-41323 | 2022-10-16 | In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated... |
| CVE-2022-42968 | 2022-10-16 | Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled. |
| CVE-2022-42969 | 2022-10-16 | The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the... |
| CVE-2022-3543 | 2022-10-17 | Linux Kernel BPF af_unix.c unix_release_sock memory leak |
| CVE-2022-3546 | 2022-10-17 | SourceCodester Simple Cold Storage Management System Create User cross site scripting |
| CVE-2022-3547 | 2022-10-17 | SourceCodester Simple Cold Storage Management System Setting cross site scripting |
| CVE-2022-3548 | 2022-10-17 | SourceCodester Simple Cold Storage Management System Add New Storage cross site scripting |
| CVE-2022-3549 | 2022-10-17 | SourceCodester Simple Cold Storage Management System Avatar unrestricted upload |
| CVE-2022-3564 | 2022-10-17 | Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free |
| CVE-2022-3565 | 2022-10-17 | Linux Kernel Bluetooth l1oip_core.c del_timer use after free |
| CVE-2017-7517 | 2022-10-17 | An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject",... |
| CVE-2019-14840 | 2022-10-17 | A flaw was found in the RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials. |
| CVE-2019-14841 | 2022-10-17 | A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in... |
| CVE-2022-0699 | 2022-10-17 | A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via... |
| CVE-2022-22128 | 2022-10-17 | Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution. Tableau only supports product versions for 24 months after release.... |
| CVE-2022-23769 | 2022-10-17 | Secuever reverseWall-MDS Remote Code Execution Vulnerability |